Update NEWS and TODO with sd-boot random seed developments

diff --git a/NEWS b/NEWS
index 86a99386706878b2ef33f7cb5cf73401fc7f54fe..4868748a3e91a29942293c53fdbd9d3851ffc714 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,25 @@
 systemd System and Service Manager
 
+CHANGES WITH 253 in spe:
+
+        Changes in sd-boot, bootctl, and the Boot Loader Specification:
+
+       * systemd-boot now passes its random seed directly to the kernel's RNG
+         via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which
+         means the RNG gets seeded very early in boot before userspace has
+         started.
+
+       * systemd-boot will pass a random seed when secure boot is enabled if
+         it can additionally get a random seed from EFI itself, via EFI's RNG
+         protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a
+         preceding bootloader.
+
+       * The random seed stored in ESP is now refreshed whenever
+         systemd-random-seed.service is run.
+
+       * systemd-boot handles various seed inputs using a domain- and
+         field-separated hashing scheme.
+
 CHANGES WITH 252 🎃:
 
         Announcements of Future Feature Removals:

diff --git a/TODO b/TODO
index 9c30bfb30d8f902823b7af06079451fab96e1552..78d8064c9df3eadb5f93aa7b21ed650b3ce4924e 100644 (file)
--- a/TODO
+++ b/TODO
@@ -132,7 +132,9 @@ Features:
   Usecase: provide a minimal ESP with sd-boot and a couple of these sd-fetch
   binaries in place of UKIs, and download them on-the-fly.
 
-* bootctl: warn if ESP is mounted world-readable (and in particular the seed)
+* bootctl: warn if ESP is mounted world-readable (and in particular the seed).
+
+* sd-stub: call process_random_seed() the same way sd-boot does.
 
 * maybe: systemd-loop-generator that sets up loopback devices if requested via kernel
   cmdline. usecase: include encrypted/verity root fs in UKI.
@@ -466,18 +468,6 @@ Features:
 
 * pick up creds from EFI vars
 
-* sd-stub/sd-boot: write RNG seed to LINUX_EFI_RANDOM_SEED_TABLE_GUID config
-  table as well. (and possibly drop our efi var). Current kernels will pick up
-  the seed from there already, if EFI_RNG_PROTOCOL is not implemented by
-  firmware.
-
-* sd-boot: include domain specific hash string in hash function for random seed
-  plus sizes of everything. also include DMI/SMBIOS blob
-
-* sd-stub: invoke random seed logic the same way as in sd-boot, except if
-  random seed EFI variable is already set. That way, the variable set will be
-  set in all cases: if you just use sd-stub, or just sd-boot, or both.
-
 * sd-boot: we probably should include all BootXY EFI variable defined boot
   entries in our menu, and then suppress ourselves. Benefit: instant
   compatibility with all other OSes which register things there, in particular
@@ -755,13 +745,6 @@ Features:
   extending the command line to enable vsock on the VM, and using fw_cfg to
   configure socket address.
 
-* sd-boot: rework random seed handling following recent kernel changes: always
-  pass seed to kernel, but credit only if secure boot is used
-
-* sd-boot: also include the hyperv "vm generation id" in the random seed hash,
-  to cover nicely for machine clones. It's found in the ACPI tables, which
-  should be easily accessible from UEFI.
-
 * sd-boot: add menu item for shutdown? or hotkey?
 
 * sd-device has an API to create an sd_device object from a device id, but has